Fear the Feds Who Fear IT Knowledge

Government security concerns may limit access to technical training.

In our end-of-year discussions about the coming years it issues, someone mentioned government concerns about training in computer security. "The more people take these classes, the more people know how to hack" seems to be a growing concern at No Such Agency and its District of Columbia brethren.
Lets kill this thought before it multiplies. Its offspring might be limits on access to technical training, and that would be a terrible idea.

When people understand how things work, they make better decisions about how to use technology. If you know that your cars parking brake is controlled by a cable attached to the handle between the seats, separate from the brake pedals hydraulics, then you might think of using the former as backup to the latter on the day when your brake pedal sinks to the floor. But I cant teach you that without telling you useful things about how to sabotage a car.

Computer security involves the same dilemma. If you know about resource pools in Windows 9x, youll get in the habit of using just a few browser windows, rather than spawning windows willy-nilly to keep many Web pages open. You may even use a resource monitor to make sure your PC doesnt crash with little warning. Thats one of the simplest, most obvious examples of why even casual users ought to understand ITs underpinnings, even though that knowledge is also the foundation of malicious hacks.
My own school-age sons have seen movies, like "GoldenEye," in which hacking skills are plot elements. With touching confidence, they plead with me to teach them how to break in to systems. I always give them the same answer: "Read my book about PCs, then well talk." That puts the subject to bed for a while. They dont want to learn that much; they just want to know what button they can push that will make things do what they want.
Most malicious mischief makers dont want to work hard enough to learn precision hacking, but it takes an army of skilled developers to avoid creating the loopholes that enable a one-click attack. Lets not make it harder for future defenders to learn their craft.

Peter Coffee is Director of Platform Research at salesforce.com, where he serves as a liaison with the developer community to define the opportunity and clarify developers' technical requirements on the company's evolving Apex Platform. Peter previously spent 18 years with eWEEK (formerly PC Week), the national news magazine of enterprise technology practice, where he reviewed software development tools and methods and wrote regular columns on emerging technologies and professional community issues.Before he began writing full-time in 1989, Peter spent eleven years in technical and management positions at Exxon and The Aerospace Corporation, including management of the latter company's first desktop computing planning team and applied research in applications of artificial intelligence techniques. He holds an engineering degree from MIT and an MBA from Pepperdine University, he has held teaching appointments in computer science, business analytics and information systems management at Pepperdine, UCLA, and Chapman College.